Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
03/05/2024, 03:22
General
-
Target
c9d7401df67fc7db2ce26c1514dd93e5fe669197798629d8002de5749f1c4b52.exe
-
Size
584KB
-
MD5
6d50c2ad579b99ede9cf85a480318878
-
SHA1
62abd8a9321adb635f5f428c66641cb34d4f43a9
-
SHA256
c9d7401df67fc7db2ce26c1514dd93e5fe669197798629d8002de5749f1c4b52
-
SHA512
f1b20ef3a35f02f3b793718e05f2fed85871094223f2016d10ea840f1c290aa0b058e43999f3a846f872fa6f180cb806bd90913cb203220c82ab1bb984dae71d
-
SSDEEP
12288:n3C9ytvngQjuPh2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiZC:SgdnJKPh2kkkkK4kXkkkkkkkkJC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9d7401df67fc7db2ce26c1514dd93e5fe669197798629d8002de5749f1c4b52.exe"C:\Users\Admin\AppData\Local\Temp\c9d7401df67fc7db2ce26c1514dd93e5fe669197798629d8002de5749f1c4b52.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrxrxl.exec:\7xrxrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnhnh.exec:\7nnhnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbn.exec:\nhnhbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnbt.exec:\thtnbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrlx.exec:\rllxrlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthb.exec:\nhbthb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdp.exec:\jppdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnhb.exec:\nhbnhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrfxl.exec:\ffxrfxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrll.exec:\xrlfrll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxxrl.exec:\rllxxrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjv.exec:\jpvjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbnbt.exec:\1bbnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjj.exec:\pjjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbnh.exec:\hnnbnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrfrrf.exec:\llrfrrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnhbt.exec:\7bnhbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjdp.exec:\5vjdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnbnh.exec:\9bnbnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxrl.exec:\rrllxrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbtn.exec:\hnnbtn.exe23⤵
- Executes dropped EXE
-
\??\c:\pvjvj.exec:\pvjvj.exe24⤵
- Executes dropped EXE
-
\??\c:\xlfxfxr.exec:\xlfxfxr.exe25⤵
- Executes dropped EXE
-
\??\c:\htnbnh.exec:\htnbnh.exe26⤵
- Executes dropped EXE
-
\??\c:\djpdp.exec:\djpdp.exe27⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe28⤵
- Executes dropped EXE
-
\??\c:\fffxlrl.exec:\fffxlrl.exe29⤵
- Executes dropped EXE
-
\??\c:\1hnhbb.exec:\1hnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\pdpdv.exec:\pdpdv.exe31⤵
- Executes dropped EXE
-
\??\c:\lrlrlfx.exec:\lrlrlfx.exe32⤵
- Executes dropped EXE
-
\??\c:\9nhtnh.exec:\9nhtnh.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhthh.exec:\bnhthh.exe34⤵
- Executes dropped EXE
-
\??\c:\3vpdv.exec:\3vpdv.exe35⤵
- Executes dropped EXE
-
\??\c:\rllxlfr.exec:\rllxlfr.exe36⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe37⤵
- Executes dropped EXE
-
\??\c:\3bbhtn.exec:\3bbhtn.exe38⤵
- Executes dropped EXE
-
\??\c:\rffrfxl.exec:\rffrfxl.exe39⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe40⤵
- Executes dropped EXE
-
\??\c:\ttbnnh.exec:\ttbnnh.exe41⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe43⤵
- Executes dropped EXE
-
\??\c:\thbhtb.exec:\thbhtb.exe44⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe45⤵
- Executes dropped EXE
-
\??\c:\3dvpj.exec:\3dvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\ffrllfx.exec:\ffrllfx.exe47⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe48⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe49⤵
- Executes dropped EXE
-
\??\c:\1lfxllf.exec:\1lfxllf.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe51⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\llfrllf.exec:\llfrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\rlrxxrr.exec:\rlrxxrr.exe54⤵
- Executes dropped EXE
-
\??\c:\httnnn.exec:\httnnn.exe55⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\lxfxffx.exec:\lxfxffx.exe57⤵
- Executes dropped EXE
-
\??\c:\thbthh.exec:\thbthh.exe58⤵
- Executes dropped EXE
-
\??\c:\ntthbt.exec:\ntthbt.exe59⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrlfff.exec:\fxrlfff.exe61⤵
- Executes dropped EXE
-
\??\c:\3hbtnh.exec:\3hbtnh.exe62⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\5djvp.exec:\5djvp.exe66⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe67⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe68⤵
-
\??\c:\jjppj.exec:\jjppj.exe69⤵
-
\??\c:\xflffxr.exec:\xflffxr.exe70⤵
-
\??\c:\9hhthh.exec:\9hhthh.exe71⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe72⤵
-
\??\c:\lrllfxf.exec:\lrllfxf.exe73⤵
-
\??\c:\nbnbhb.exec:\nbnbhb.exe74⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe75⤵
-
\??\c:\xlxlrlr.exec:\xlxlrlr.exe76⤵
-
\??\c:\bnbthh.exec:\bnbthh.exe77⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe78⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe79⤵
-
\??\c:\1hbthh.exec:\1hbthh.exe80⤵
-
\??\c:\nbhthb.exec:\nbhthb.exe81⤵
-
\??\c:\vpppd.exec:\vpppd.exe82⤵
-
\??\c:\xflrlll.exec:\xflrlll.exe83⤵
-
\??\c:\hhnhtn.exec:\hhnhtn.exe84⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe85⤵
-
\??\c:\9rfxlfx.exec:\9rfxlfx.exe86⤵
-
\??\c:\xfrfrlf.exec:\xfrfrlf.exe87⤵
-
\??\c:\nbbbth.exec:\nbbbth.exe88⤵
-
\??\c:\vppdp.exec:\vppdp.exe89⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe90⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe91⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe92⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe93⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe94⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe95⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe96⤵
-
\??\c:\9lrffff.exec:\9lrffff.exe97⤵
-
\??\c:\7lfxrlf.exec:\7lfxrlf.exe98⤵
-
\??\c:\3tttnn.exec:\3tttnn.exe99⤵
-
\??\c:\9jjvj.exec:\9jjvj.exe100⤵
-
\??\c:\lffrffx.exec:\lffrffx.exe101⤵
-
\??\c:\1hnbtt.exec:\1hnbtt.exe102⤵
-
\??\c:\ntbtbt.exec:\ntbtbt.exe103⤵
-
\??\c:\lfrlrll.exec:\lfrlrll.exe104⤵
-
\??\c:\llxrlrr.exec:\llxrlrr.exe105⤵
-
\??\c:\bhhthh.exec:\bhhthh.exe106⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe107⤵
-
\??\c:\7vjdp.exec:\7vjdp.exe108⤵
-
\??\c:\frrlfxx.exec:\frrlfxx.exe109⤵
-
\??\c:\thnbtn.exec:\thnbtn.exe110⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe111⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe112⤵
-
\??\c:\fxfrxrl.exec:\fxfrxrl.exe113⤵
-
\??\c:\9nbtnh.exec:\9nbtnh.exe114⤵
-
\??\c:\7hbtnh.exec:\7hbtnh.exe115⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe116⤵
-
\??\c:\lxfrffr.exec:\lxfrffr.exe117⤵
-
\??\c:\htnbnh.exec:\htnbnh.exe118⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe119⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe120⤵
-
\??\c:\7xfxffl.exec:\7xfxffl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-